Counter Fraud and Enforcement Unit - Data Privacy Notice
Who we are and what we do
The Counter Fraud and Enforcement Unit works in partnership with Cheltenham and Tewkesbury Borough Councils and Cotswold, Forest of Dean, Stroud and West Oxfordshire District Councils.
The councils are data controllers under Data Protection Legislation (General Data Protection Regulations and the Data Protection Act 2018) as the councils collect and process personal information about you in order to provide services, and to meet statutory and regulatory obligations.
The Counter Fraud and Enforcement Unit aims to tackle all forms of fraud and abuse against the public purse and provides a dedicated service to assist in enforcement and prosecution.
The Counter Fraud and Enforcement Unit assists the corporate framework to help counter any fraudulent activity. The team investigates fraud and crime both inside and outside the organisation.
This notice explains why we ask for your personal information, how that information will be used and how you can access your records.
Any questions regarding our privacy practices should be sent to:
Data Protection Officer (DPO) |
Data Protection Officer (DPO) |
Data Protection Officer (DPO) |
Data Protection Officer (DPO) |
Data Protection Officer (DPO) |
Data Protection Officer (DPO) |
Why we need your information and how we use it
The councils have a duty to protect public funds. The Counter Fraud and Enforcement Unit will use your data to investigate any potential errors and/or fraudulent activity which could lead to (but is not limited to) generation of invoices, recovery of monies and prosecution and/or court action being pursued.
What type of information is collected from you?
The Counter Fraud and Enforcement Unit will use any personal data that the councils hold in order to detect and/or prevent criminal activity. This includes, but is not necessarily limited to
- Name
- Gender
- Address
- Contact details such as telephone numbers and email address
- Date of birth
- National Insurance Number
- Details about family and relationship circumstances
- Details about your involvement with the council
The Counter Fraud and Enforcement Unit will also use any ‘Special Category’ data that the council holds in order to detect and/or prevent criminal activity. This includes, but not necessarily limited to:
- Health records
- Political affiliations
- Racial or ethnic information
- Religious or philosophical beliefs
The Counter Fraud and Enforcement Unit may also use any ‘criminal conviction data’ that the council or the Phoenix Bureau (Police) may hold in relation to you.
The Counter Fraud and Enforcement Unit will also create information based on their investigations. This could include, but is not necessarily limited to:
- Any information you, or a party to the investigation, provide us with
- Any information passed to us by any other organisation
- Witness Statements
- Any relevant correspondence we have had with you or another party to the investigation – including internal correspondence about you
- Any relevant video recording (including CCTV), audio recordings, or images
- Investigation interview transcripts
- Information gathered from other sources such as open source intelligence
How we use your information - ‘Data Matching’
National Fraud Initiative
The council participates in an exercise called the National Fraud Initiative (NFI) to promote the proper spending of public money (some matches are annual and some are biennial). This is a data matching exercise organised and managed by the Cabinet Office.
Every council in England takes part by providing information relating to the customers and services they supply. The Cabinet Office matches the databases together looking for suspicious details. We then investigate the details the Cabinet Office sends back to us. For more information about how the Cabinet uses your data please see: https://www.gov.uk/government/publications/code-of-data-matching-practice-for-national-fraud-initiative
Normally every individual whose data is included is informed about NFI, in accordance with our Data Protection Policy.
Internal Data Matching Initiative
The council also undertakes internal data matching exercises as well as regional data matching with neighbouring authorities. This is to further help protect public funds from misuse and to identify fraud.
This means that we may use your personal data from one and match it against your data from another organisation. Any information we disclose to or receive from neighbouring authorities is governed by strict information sharing agreements.
What is our lawful basis for processing your information?
The legal bases for processing and/or sharing your personal information are Article 6(1)(c) and 6(1)(e) of the Data Protection Legislation.
The council processes your personal data for the purposes of crime prevention and/or detection and to ensure the proper use of public funds based on:
Article 6(1)(c) – Processing is necessary for compliance with a legal obligation; The councils have a statutory and regulatory obligation to provide services and need to collect personal information to do so.
Article 6(1)(e) – Processing is necessary for the performance of a task carried out in the Public Interest. The processing is necessary for the council to perform a task in the public interest or for official functions, and the task or function has a clear basis in law.
The council processes your special category data and criminal conviction data, for the purposes of crime prevention and/or detection, based on:
Article 9(2)(g) in pursuance with Schedule 1(6) and (10) of the Data Protection Act 2018 – Processing is necessary for reasons of substantial public interest (legal obligations and preventing/detecting unlawful acts).
The Legislation that governs how the Counter Fraud and Enforcement Unit collect, store and record information is detailed below (the list is not exhaustive):
- The Local Government Acts
- Human Rights Act 1998
- Regulation of Investigatory Powers Act 2000
- Investigatory Powers Act 2016
- Criminal Procedures and Investigations Act 1996
- Police and Criminal Evidence Act 1984
- Council Tax Reduction Schemes (Detection of Fraud and Enforcement) (England) Regulations 2013.
- Prevention of Social Housing Fraud Act 2013
- Social Security Administration Act 1992
- Serious Crime Act 2007
- Digital Economy Act 2017
- Welfare Reform Act 2012
- Council Tax (Administration and Enforcement) Regulations 1992
- Housing Benefit Regulations 2006
- Housing Acts
The Legislation that allows us to prosecute is s222 of the Local Government Act 1972 and the council may investigate offences of fraud or misuse of public funds and bring charges under the following (the list is not exhaustive):
- The Fraud Act 2006
- The Theft Acts
- Forgery and Counterfeiting Act 1987
- Computer Misuse Act 1990
- Identity Card Act 2006
- Welfare Reform Act 2012
- Housing Acts
- Proceeds of Crime Act 2002
- Council Tax Reduction Schemes (Detection of Fraud and Enforcement) (England) Regulations 2013
- Prevention of Social Housing Fraud Act (Power to Require Information) (England) Regulations 2014
Sharing your information
The council obtains information about you from third parties. The council may share this information, as well as information you have provided, for the following purposes;
- The prevention and detection of crime, and
- The protection of public funds
These third parties include, but are not limited to, the Police, the NHS, the Department for Work and Pensions, Her Majesty's Revenues and Customs, other Government Departments and other Local Authorities.
We may also provide information for data matching exercises with the Cabinet Office, the Department for Work and Pensions and credit reference agencies as the law allows.
We may also pass information to the Police or another law enforcement agency if we believe a crime has been, or is likely to be, committed.
How long we keep your information (retention period)
The Counter Fraud and Enforcement Unit will keep personal data for the periods as set out within the Unit’s Data Retention Schedule in line with legislation requirements.
Where we collect or process information for data matching purposes, we review each project on its own merits and delete superfluous records following completion of the exercise.
How we protect your information
We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, or unauthorised alteration or destruction.
Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
We will notify you promptly in the event of any breach of your personal information which might expose you to serious risk.
Your rights
You have rights under Data Protection Legislation:
- to access your personal data
- to be provided with information about how your personal data is processed
- to have your personal data corrected
- to have your personal data erased in certain circumstances
- to object to or restrict how your personal data is processed
- to have your personal data transferred to yourself or to another business in certain circumstances
- you have the right to be told if we have made a mistake whilst processing your data and we will self report breaches to the Commissioner.
How you can access, update or correct your information
The Data Protection Legislation allows you to find out what information is held about you, on paper and computer records. This is known as ‘right of subject access’ and applies to data held by the Counter Fraud and Enforcement Unit along with all other personal records.
It should be noted that where information has been gathered for the purposes of a criminal investigation it may not be released: https://www.westoxon.gov.uk/about-the-council/data-protection/
If you wish to see a copy of your records you should contact the Data Protection Officer. You are entitled to receive a copy of our records free of charge, within a month.
In certain circumstances access to your records may be limited, for example, if the records you have asked for contain information relating to another person.
The accuracy of your information is important to us to be able to provide relevant services more quickly. We are working to make our record keeping more efficient. In the meantime, if you change your address or email address, or if any of your circumstances change or any of the other information we hold is inaccurate or out of date please email or write to the following:
Head of Service
Counter Fraud and Enforcement Unit
Cotswold District Council
Trinity Road, Cirencester, GL7 1PX
Email: fraud.referrals@cotswold.gov.uk
Tel: 01285 623000
Further information
If you would like to know more about how we use your information, or if for any reason you do not wish to have your information used in any of the ways described in this notice, please tell us.
You can contact the council’s Data Protection Officer (details as outlined above) and you can also complain to the Information Commissioner: https://ico.org.uk